How to Connect and Authenticate Workgroup Manager to Lion Server

Workgroup Manager has great power for modifying the directory databases in Lion Server, so understanding what this server tool can do is critical to healthy account management.

After downloading and installing Workgroup Manager, you need to connect it directly to the Open Directory master. Don’t connect to replica servers or any server bound to the directory. Replica servers contain read-only copies of the directory databases that are periodically synchronized from the master, so editing accounts on a replica forces directory updates to flow from the replica to the master, when it is the master that needs to update the replicas.

Open Workgroup Manager from the /Applications/Server folder. Workgroup Manager is preconfigured to connect to the server it’s installed on. In the Workgroup Manager Connect screen, enter the address, username, and password of the local administrator created when you installed Lion Server.

If you’re running Workgroup Manager from another system or you’ve changed the hostname of the server post-installation:

Choose Server→Connect and type the hostname of the server in the Server field.

Enter the administrator’s username and password in the corresponding fields.

Click the Connect button.

You could also click the Browse button to locate available servers on the network, but for the most consistent results, enter the server’s fully qualified hostname, such as server.example.com, in the Address field.

Workgroup Manager loads the default screen. In this example, a number of users have already been created.

Just below the toolbar is a small globe icon followed by text indicating the status of the directory you’re browsing. The first time you connect to an Open Directory master, the status bar displays Viewing directory: /LDAPv3/127.0.0.1. Not authenticated. This indicates that you’re browsing the shared directory on the server itself but haven’t yet authenticated to modify the directory.

Clicking the globe icon allows you to change the directory you’re browsing. A lock icon on the right side of this bar is used to authenticate to the directory.

After you launch Workgroup Manager and connect, you need to authenticate to modify the directory.

In Workgroup Manager, click the lock icon on the right side of the window to authenticate as the directory administrator.

Enter the username and password of the directory administrator in the dialog and then click the Authenticate button.

The status next to the globe icon changes to Authenticated as Directory Administrator to directory: /LDAPv3/127.0.0.1, and the lock icon changes to an open lock.